How To Hijack An Airplane With Android: Security Specialist Exposes Massive Holes In Airline Cyber Security

German security consultant Hugo Teso exposed massive holes in aircraft security when he showed at the "Hack in the Box" conference in Amsterdam on Wednesday evening how to completely take over – and even crash – a commercial airplane. All you need is an Android phone, a radio transmitter and some knowledge about flight-management software.

Perhaps the most frightening part is that you don’t even have to be on the airplane when you hijack it. The entire attack can be done remotely from the ground, so not even full-body scans at the airport can prevent it.

After purchasing a flight-management system from eBay to study flight code, Teso learned how to read and send Aircraft Communications Addressing and Reporting System messages. He then used a radio transmitter to audit actual aircraft code, and built an Android app that delivers attack messages to an airplane’s computer.

Teso could use the app to completely commandeer the steering of a Boeing jet once it goes on autopilot. The only countermeasure would be for pilots to turn off autopilot. The problem, as a Computer World blog post pointed out, is that even if the pilots realized the steering had been hijacked, many airplanes no longer have the equipment necessary for manual flying.

The app, which Teso named PlaneSploit, could take control of almost all of an airplane’s systems. He could manipulate the pilots’ lights and alarms, trigger the oxygen masks to drop, and even make the airplane crash.

Using a Samsung Galaxy smartphone and some virtual airplanes, Teso demonstrated live how to hack an airplane’s computer. The slides from the presentation can be found here.

Thankfully, Teso has no plans to release PlaneSploit to the Google Play Store -- not that it would be accepted; however, his presentation showed that airlines need to take immediate steps to protect their networks before a more malevolent hacker makes plans.